Re: Log of CREATE USER statement - Mailing list pgsql-hackers

From Ricardo Vaz
Subject Re: Log of CREATE USER statement
Date
Msg-id 000901c5ff1e$d86f4600$c3041a0a@tce.sp.gov.br
In response to Log of CREATE USER statement  ("Ricardo Vaz - TCESP" <jrvaz@tce.sp.gov.br>)
List pgsql-hackers
Dear friends,

I thank you for all replies.
If you permit, I'd like to present my modest view of the problem.

I agree with Tom when he says:
>
>... if the user wishes the password to be secure, he
>needs to encrypt it on the client side.  Anything else is
>just the illusion of security.
>

and with Bruce:
>
>... I see no way to secure this really since the
>administrator typically has control over the database installation.
>

There isn't a 100% secure system.
So, I'm working on a framework to audit all operations over the
database. Traceability is the only tool for identifying
actions of an untrustworthy DBA.
In this context, the identity of the user must be protected, and
it's obvious that the protection of the user's password is extremely
important for preventing someone from logging in as another user.

From there came the concern with the recording of the password
in plaintext in the archives and log files.
I had not thought about the history and the activity display. It's
another vulnerability...

I cannot see another solution that would not be overhead in the logging code.

The idea of providing a backslash command in psql is very good.
But what about "pgAdmin", "phpPgAdmin" and other management tools?
I think that these tools, for their ease of use, are important in
spreading the use of PostgreSQL.

I know that I did not contribute new facts to the discussion.
I would like only to stress its importance and, one more time,
to be thankful for the attention of all.

Best regards,

Ricardo Vaz
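The client-side approach the thread keeps returning to (hash the password before it goes into the CREATE USER statement, so that what reaches the server log, the psql history and the activity view is never the plaintext) can be shown concretely. The following is an added example written for this page, not code from the thread, from psql or from any of the management tools mentioned. It assumes the classic PostgreSQL md5 password format, "md5" followed by md5(password + username), which is what psql's \password command produces; the sample log lines at the bottom are constructed, not real server output, and no database is contacted.

```python
"""Client-side password hashing for CREATE USER / ALTER USER.

Added example (assumptions: the 'md5' + md5(password + username) storage
format of PostgreSQL's md5 authentication; constructed sample log lines).
"""
import hashlib
import re

# A stored md5 password is the literal prefix "md5" and 32 hex digits.
MD5_PASSWORD_RE = re.compile(r"^md5[0-9a-f]{32}$")

# Matches a PASSWORD '<literal>' clause, allowing doubled single quotes
# inside the literal, as SQL escapes them.
PASSWORD_CLAUSE_RE = re.compile(r"PASSWORD\s+'((?:[^']|'')*)'", re.IGNORECASE)


def pg_md5_password(username: str, password: str) -> str:
    """Return the pre-hashed value PostgreSQL stores for md5 authentication."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def quote_identifier(name: str) -> str:
    """Double-quote an identifier, doubling embedded double quotes."""
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value: str) -> str:
    """Single-quote a string literal, doubling embedded single quotes."""
    return "'" + value.replace("'", "''") + "'"


def create_user_statement(username: str, password: str) -> str:
    """Build CREATE USER with the password already hashed on the client.

    The statement text is what log_statement, the client history and the
    activity display would show, so it must not contain the plaintext.
    """
    hashed = pg_md5_password(username, password)
    return (f"CREATE USER {quote_identifier(username)} "
            f"ENCRYPTED PASSWORD {quote_literal(hashed)};")


def leaks_plaintext_password(statement: str) -> bool:
    """True if the statement carries a PASSWORD literal that is not already
    an md5 hash, i.e. logging this statement would record the plaintext."""
    for match in PASSWORD_CLAUSE_RE.finditer(statement):
        literal = match.group(1).replace("''", "'")
        if not MD5_PASSWORD_RE.match(literal):
            return True
    return False


# Constructed sample of log_statement output (not real server logs).
SAMPLE_LOG = [
    "LOG:  statement: CREATE USER bob PASSWORD 'hunter2';",
    "LOG:  statement: CREATE USER alice ENCRYPTED PASSWORD "
    "'md5" + "0" * 32 + "';",
    "LOG:  statement: ALTER USER carol WITH PASSWORD 'it''s';",
]


def find_leaking_lines(log_lines):
    """Return the indices of log lines that expose a plaintext password.

    Useful as an audit check over an existing log: any hit means a tool or
    user sent the password unhashed and the log itself now needs handling.
    """
    return [i for i, line in enumerate(log_lines)
            if leaks_plaintext_password(line)]


if __name__ == "__main__":
    print(create_user_statement("alice", "correct horse battery staple"))
    print("lines recording a plaintext password:", find_leaking_lines(SAMPLE_LOG))
```

Two things the code makes visible that the discussion only states: the server cannot tell a pre-hashed literal from a plaintext one, so the protection has to happen in whatever client builds the statement (which is exactly why the question about pgAdmin and phpPgAdmin matters), and a log that already contains plaintext passwords can be found after the fact by scanning for PASSWORD literals that are not in the stored hash format.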


